Re: Firewall & Bridge
I am not sure where to point you for additional information, as I
myself am looking for it... However, what I have been able to ascertain
is that the bridging bypasses the firewall code in the kernel and therefore
requires a patch to make the kernel support bridging firewalls... The problem
I've found is that the only bridging firewall patch I was able to locate from
one of the HOWTOs on bridging+firewall was for a 2.2 kernel using ipchains,
which does no good with a 2.4 kernel using iptables...
Whether this behaviour of not using the firewall with bridging by
default is the same from 2.2 to 2.4 kernels I haven't been able to determine,
but this might give you some idea of where I'm looking for answers...
Jeremy T. Bouse
On Tue, Sep 04, 2001 at 06:25:15PM -0400, Jayson Johnson wrote:
> I know this question has come up here and there, and I am still having trouble getting things to work.
> I am trying to create a bridge that will also filter out packets (tcp's) and redirect them to another location or deny them.
> I can do this in a firewall, and get everything to work, but the trick is, I need them to work with the bridge.
> I built the bridge and it works great. I can't get the firewall part working. I have gone to every bridge/firewall site, tried everything that is suggested, and still can't seem to get the firewall to work. I do not want to set up the box as a router, because there are several hundred users in various locations, etc., that already have their TCP/IP info set up, and there is not one central place that I can pop the box into to use as a router. I want it to be completely transparent. Any suggestions or help? I am downloading the latest build of Debian, and will see if that helps. I am using kernel 2.4.2 now.
> Jayson Johnson